Oracles

In this post we report on the current state of oracles to help you assess risk.
Base Asset
Base Address
Deposit Caps
Price Provider
Oracle Address
Security
cbETH
Etherscan
250 ETH per asset
Uniswap V3
Low
USDC
Etherscan
250 ETH per asset
Uniswap V3
High
WBTC
Etherscan
250 ETH per asset
Uniswap V3
High
FRAX
Etherscan
250 ETH per asset
Uniswap V3
High
CRV
Etherscan
250 ETH per asset
Uniswap V3
High
FXS
Etherscan
250 ETH per asset
Uniswap V3
High
CVX
Etherscan
250 ETH per asset
Uniswap V3
High
APE
Etherscan
250 ETH per asset
Uniswap V3
High
wstETH
Etherscan
250 ETH per asset
Balancer V2
Balancer
High
BAL
Etherscan
250 ETH per asset
Balancer V2
Balancer
High

cbETH silo displays a risk signal to help users assess risk.
Total deposits in the cbETH silo are capped at 250 ETH per token asset to prevent, or reduce, oracle attacks.
The cbETH silo uses a Uniswap V3 price oracle to read the price of cbETH. The oracle is currently at high risk of manipulation because liquidity providers (LPs) in the cbETH-ETH Univ3 pool have deposited liquidity along a narrow price range. (see image 1)
Image 1: Liquidity is concentrated under a few price ticks rather than spread broadly.
As a result, an attacker could pump the price of cbETH by as high as 85% to borrow more ETH from the cbETH silo than they are allowed to. Conversely, the attacker can dump the price of cbETH by -46%, deposit ETH collateral in the silo, and borrow more cbETH than they should be allowed to. Either attack would cause bad debt to depositors in the cbETH silo.
At the moment (September 16, 2022, 6:00 PMUTC), the cost of either a pump or dump attack is estimated at $110,000 only*. (see image 2)
Image 2 source: Euler oracle simulator. It costs $110,771 to pump cbETH by +85% or dump it by -46%.
For example, the attacker would:
  • Deposit $230,000 in cbETH.
  • Pump the value of his cbETH collateral by 85%, from $230,000 to $425,500.
  • Borrow $340,400 in ETH, which is 80% the pumped cbETH collateral value: 80%*425,000 = $340,400.
  • Net a profit of $400, calculated as follows: The value of borrowed ETH minus the cost of the attack minus the cbETH collateral left behind ($340,400 - $110,000 - $230,000 = $400.)
Copy link
On this page
State of oracles in use
cbETH silo (high risk of manipulation)